Legal

Agreements & Policies

Privacy

Terms of Services

SERVICES DATA COLLECTION DISCLOSURE

Updated September 2024 Archived versions

This Services Data Collection Disclosure applies to Synology-provided services offered on Synology websites, Synology-branded applications, services provided from physical Synology products ("Synology Devices"), and digital or physical services directly offered by Synology unless stated otherwise. A list below details the data collection of Services provided.

Synology Account

A Synology Account is the personal account you use to access Synology services, such as QuickConnect, Synology DDNS, Technical Support, Package Activation, Active Insight, and DSM configuration. You will need to associate your Synology Account with your NAS device to enable those Synology services. Data collected by corresponding Synology services can also be found on this Service Data Processing Policy. Please read the relevant sections for more information.

By creating a Synology Account, you will automatically receive our eNews from time to time. You may choose to opt-out from our eNews Service by changing the settings on your Synology Account newsletter page or by clicking on the "unsubscribe" link in the corresponding newsletters. However, if you are an EU resident other than a business user, you will only receive our eNews when your consent is validly provided and you may withdraw your consent at any time by using the methods described above.

When you create a Synology Account, we may collect a variety of information, including your name, mailing address, phone number, email address, device identifiers, IP address, and location information to help facilitate communications and provide services to you. If you purchase our package license, we will collect your payment information, and you can find your purchase history on your Synology Account payment page. For more information, please read our payment section.

Please note that if you reside in the Chinese Mainland, your phone number will be used to verify your identity. We will use a third-party to send you a verification code when you create your Synology Account.

Synology Account websites may use "cookies" to help us better understand user behavior and to improve user experiences when you revisit our websites. For more information, please read our Cookie Policy.

Synology does not use your information for any other purpose.

Synology does not share your information unless otherwise specified for the particular service.

You may delete your Synology Account at any time. However, we may be unable to provide you certain services afterward. Account deletions, including all the associated data with the specified account, are irreversible. Synology may retain payment data for financial purposes, including but not limited to tax reporting, auditing, and inventory purposes.

Package Center

Synology collects package download information from your Synology Device in order to help us understand how we can better improve our devices and software. When a Synology Device issues a download request to Package Center, Synology's database will record the action with a unique ID. This ID is used only to identify download activity in Package Center. None of this information contains any of your personal information or metadata pertaining to your files. Package Center does not track or record your device's serial number, MAC address, or IP addresses for uses that do not require additional licenses.

Licensing

Purchasing package licenses, whether a single, subscription-based, or in-app purchase, requires a Synology Account*. We will collect certain information from your Synology Device for licensing purposes, including product serial number, IP address, MAC address, and registered Synology Account. We store this information to verify your license when it is applied to a Synology Device.

Activating and updating packages will usually require an Internet connection to our servers. We identify your Synology Device with a unique device ID.

For record-keeping and future troubleshooting, we may keep track of information such as whether the update was successful or not. We may use the information collected through activation or updates to validate your license status.

Synology only shares aggregated statistics that do not contain personal information to our partners, licensors, and licensees.

Applicable to:

Synology-published
  • exFAT Access
  • McAfee Antivirus
  • MailPlus Server
  • Presto File Server
  • Virtual DSM
  • Virtual Machine Manager Pro
  • VPN Plus

* Surveillance Station licensing does not require a Synology Account

Third-party
  • sMedio DTCP Move
  • DiXiM Media Server

Third-Party Packages

Synology Package Center is a platform that enables other developers to publish their applications for use on Synology Devices. Packages distributed or published by third-party developers may collect additional information regarding you or your device. Synology requires third-party developers to be transparent about all practices. However, Synology does not control or have the capability to completely verify claims, nor is Synology responsible for any practices performed by third-party packages. When you install third-party packages, you should read and understand the end-user license agreements (EULA), privacy statements/policies/notices, and terms of use/service that may be presented to you.

Users should contact the third party directly for any questions or problems you have in using third-party packages.

Certain third-party packages may utilize Synology's Package Center for payment services. Synology will collect the same information as listed in the "Payment" section. Synology does not disclose your personal information to third parties and only presents the information as an aggregated figure.

Third-party packages may include their own subscription or payment services that are not controlled by Synology.

Synology only shares aggregated statistics that do not contain personal information to third-party developers.

Package Activation

Data we collect

To activate certain Synology-published packages, your Synology Account is required to complete the activation. Synology collects device-specific information and information from your Synology Account such as hardware model name, user's type (business or home), data storage location, and company name.

Applicable to:

Synology-published
  • Active Backup Series
    • Active Backup for Business
    • Active Backup for Google Workspace
    • Active Backup for Microsoft 365

How we use your data

Synology encrypts the raw data received and then analyzes it to produce human-readable results, to help us provide better service/software for you in the future. The raw data is never shared with any third parties. Package activation does not track your device's serial number, MAC, or IP addresses.

How we store your data

Synology employs industry-standard encryption practices to safely protect your raw data. Even in the event of a breach, the data collected cannot be used to identify you. Synology restricts access to both the raw and aggregated data by specific employee roles. Data collected is deleted when the relevant Synology Account is deleted.

Payment

Data we collect

To make a purchase, Synology will collect the information you provide, including your name, billing address, phone number, IP address, client user-agent, VAT, and payment method to process the transaction. Synology does not directly handle your payment methods, such as your credit card number and CVC.

How we use your data

Synology uses the third-party processors, Cherri Tech, Inc. (hereinafter "Cherri Tech") and Stripe, Inc. (hereinafter "Stripe"), to securely handle your payment method and to calculate and report taxes. If you pay in New Taiwan Dollars (TWD), Cherri Tech will be the payment processor of your billing information. If you pay in any other currency than TWD, Stripe will be the payment processor. Cherri Tech and Stripe will use and process your complete payment information in accordance with Cherri Tech's privacy policy and Stripe's privacy policy respectively.

If you sign up for paid services as in-app purchases via Apple's App Store, all the payments will be processed by Apple. Please see Apple's privacy policy for the information on how they use and process your payment information.

Synology only uses the information we collect from the payment process to complete transactions, generate receipts, report taxes, and for financial and legal auditing purposes. We do not share or use this information for any other purpose.

How we store your data

Your purchase history, even if refunded or canceled, will be stored for a minimum of four years per legal requirements imposed on Synology and its subsidiaries. Synology will retain this history, including your billing information, for an indefinite period in the following situations; If the order contains a perpetual license, a license renewal, a physical item, extended support, or is needed for financial or legal purposes. Our payment processors and tax reporting providers may additionally be subjected to other legal obligations.

Synology generates a receipt that is made available on your Synology Account for each transaction.

By deleting your Synology Account, you will be forfeiting all purchased licenses. Synology will remove your transaction history after the minimum storage period based on our legal obligations.

Synology Store

Data we collect

Synology Store is an e-commerce platform operated by Synology. To make a purchase, Synology Store requires a Synology Account. Synology collects certain types of information from you to clear the transaction and provide the service to you. The types may include:

  • Payment information: Your billing address, VAT number, and payment method. Please refer to the "Payment" section for more information.
  • Shipping information: Your name, email, phone number, product serial number, and shipping address.
  • Invoice and credit memo: Your name, email, shipping address, billing address, and product's serial number.

Additionally, we may collect your personal information, including your name, email, address, phone number, and product's serial number, for the purpose of processing your return request.

How we use your data

Synology does not directly handle your payment information, such as your credit card number and verification code (CVC). We use the third-party processor, Stripe, Inc., to securely handle your payment method and to calculate and report taxes. Stripe will use and process your complete payment information in accordance with Stripe's privacy policy respectively.

Also, to deliver your order, we will collect the shipping address that you provide to process the logistics, and your contact information may be passed to our third-party logistics partner, United Parcel Service of America, Inc. (hereinafter "UPS"). Please refer to UPS's privacy policy for the information on how they use and process your shipping information.

How we store your data

Synology retains the collected information only for the necessary period of time to fulfill the purpose of providing the services, including any legal or business requirements. The information that we collect from you will be managed by our maintenance personnel with adequate authorization.

In addition, you have the rights to control your personal information at any time, which include:

  • access the information that we collected from you;
  • correct any inaccurate or incomplete information;
  • request deletion of your information from our records.

C2

Data we collect

Synology C2 service is a cloud service operated by Synology. C2 service requires a Synology Account. We collect payment information from you to clear the transaction and provide the service to you. You should refer to the "Payment" section for more information. Additionally, we may collect usage and operation information in order to keep your service secure, up-to-date, and performing as expected.

In addition, to help us understand the channel that our subscribers come from, we collect the information regarding the channels of the subscribers (e.g., the URL of the event's webpage) after successfully subscribed. The mentioned information does not contain any personal information and we cannot identify individuals from this information.

For each C2 service, the types of data we will collect, and the use of your data are described as follows:

  • C2 Backup stores Your Content (as defined in C2 Terms of Service) that you back up from your source device or cloud services and is fully encrypted. For cloud services backup, we only collect necessary personal data and the index information of Your Content in order to provide search features and backup services. For device backup, device metadata and device IP are also collected to provide backup service. For cloud services, user related data including name and email account are collected with encryption to provide backup service. To provide the email notification service, we will collect and encrypt the email address that you chose to send email notifications for your C2 Backup service status. Other usage information generated by using the C2 Backup service, such as backup policy setting or device amount and other unidentifiable information, will not be encrypted and are collected and will solely be used for the purpose of improving the service experience and adding new features.
  • C2 Identity collects Your Content (as defined in C2 Terms of Service) and the metadata of the devices registered to C2 Identity, such as hostname, IP, serial number, operation system and version, storage usage, system uptime, and disk encryption status. Our collection of both these types of data enables us to provide the C2 Identity Service. Other usage information generated by using the C2 Identity service, such as the user count of each status, the registered device count of each status, group count, application count, link expiration time, file size and other unidentifiable information, will not be encrypted and are collected and used for the purpose of improving the service experience and adding new features.
  • C2 Object Storage is a reliable and flexible object storage solution suitable for storing unstructured data. It only stores the data You uploaded hereto in order to provide the object storage service.
  • C2 Password collects all data created, uploaded and stored by you in encrypted format within Your C2 Password account. We have no way of accessing decrypted versions of these data. The encrypted data include but is not limited to attachments, passwords, payment cards, personal identities, bank accounts, router information, and secure notes. Other usage information generated by using the C2 Password service, such as server logs, billing information, IP addresses, make and model of your device, number of items shared and, in the vaults, account email, profile name, and other unidentifiable information, will not be encrypted and are collected and used for the purpose of improving the service experience and adding new features.
  • C2 Storage stores data that you upload or sync from your Synology NAS Devices. For Hyper backup, you may choose to encrypt the data prior to uploading it. For Hybrid Share, the data is encrypted before uploading.
  • C2 Surveillance stores the videos that are uploaded from Your Synology NAS Devices. Such videos are recorded by the cameras that You have bound to the corresponding Plan through Synology Surveillance Station. The period of time when Synology retains Your uploaded videos depends on Your Plan. You can also delete the videos from C2 Surveillance at any time. Synology will not access Your uploaded video data.
  • C2 Transfer stores data that You uploaded for a transfer task and data uploaded to Your Storage Space. Such data, including the file content and file name, uploaded by You are completely encrypted at Your endpoint before being stored onto our platform. However, there are two cases where the C2 server decrypts and temporarily accesses the file: (a) When You apply dynamic watermark with the receiver's information to the transferred document, the C2 server will decrypt and temporarily access the document. The receiver's phone number and/or email address will be used for applying the dynamic watermark that demonstrates the receiver's information, or be hashed and used for one-time-password (OTP) verification, and will be stored on our platform until the transfer task is removed from Your account; and (b) When Your Content from Your Storage Space is transferred with watermark, the C2 server will decrypt and temporarily access the document to apply the watermark. In order to provide log records, IP addresses of Users (as defined in C2 Terms of Service) will also be collected by our server. Other usage information generated by using the C2 Transfer service, such as link expiration time, file size and other unidentifiable information, will not be encrypted and are collected and used for the sole purpose of improving the service experience and adding new features.

How we use your data

Synology only uses data you provide to us to offer you the C2 service that you order from us. We do not access or analyze the data you upload, except that, as stated above, for the cloud service backup, we will access part of Your Content to provide service and search feature. Apart from C2 Backup, other C2 services will not access the data you upload. To provide service stability and optimize user experience, Synology may analyze non-personal identifiable service usage information that cannot be used to identify you or your device.

How we store your data

Synology maintains your files in the Unites States, Germany, or Taiwan depending on your choice. Synology C2 services support full encryption of your files. Your data is protected with industry-standard encryption practices. Your files will never be accessed by our engineers unless a specific technical support request is made by you and requires us to do so. You can delete your data anytime during the subscription period. If your subscription ends, all your data will be deleted after a "grace period" defined by the Synology C2 Terms of Service. If you choose to delete your Synology Account, your data and subscription status for Synology C2 will also be forfeited and removed.

Device Analytics

Device analytics, or usage information sharing, is an opt-in* option that you may enable in Synology's DSM or SRM operating system. In DSM, we develop our own tool to understand the usage trends of DSM. In SRM, we use Google Analytics, a web analytics service provided by Google, Inc. ("Google"), to understand the usage trends of SRM. You can opt-out any time by disabling the device analytic function in the control panel both in DSM or SRM.

* As of May 22, 2018, Synology no longer collects data from DSM 6.1.6 and earlier versions, 6.2 Beta, and Preview versions, or any SRM 1.1.x versions even if the option is enabled.

Data we collect

Synology collects usage information from your Synology Device in order to help us understand how we can better improve our devices and software. The data we collect does not contain information that can directly identify you, the user. Your Synology Device will send to us, for example, information on the settings of the Internet environment, the operating system, and packages. Additionally, we may collect information on how you interact with certain functionality or user interface elements.

How we use your data

The raw data will be encrypted and then analyzed to produce human-readable results. The raw data is never shared with any third parties. Synology engineers and product management teams may utilize aggregated information to analyze usage trends to make informed decisions on our future products, applications, and services. In very select cases, Synology may elect to share a very small subset of these aggregated statistics with select partners. The information we share with partners is strictly aggregated results and anonymous.

How we store your data

Your raw data is protected with industry-standard encryption practices. Even in the event of a breach, the data collected cannot be used to identify you or your device. Synology retains device analytics data for up to three years in order to generate statistics. Synology restricts access to both the raw and aggregated data by specific employee roles.

Device Network Mapping

Data we collect

Synology collects server name, IP address, Mac address, serial number, operation system version, model name, and status of devices that do not have operating system installed when you visit "find.synology.com" or "router.synology.com" so that you can identify and install the operation system on those devices. The collected data will be deleted after the system installation is completed. By enabling this service (configurable at DSM > Control Panel > Info Center > Device Analytics), you can easily find Synology Devices on your network in order to connect to them. Synology will use devices where the Share Network Location service is enabled to scan your local network when you access "find.synology.com" or "router.synology.com" to list devices on your network. You can opt out of this service anytime. If you opt out of this service, you will need to remember the IP addresses of your Synology Devices or have already set up your own domain and/or QuickConnect or Synology DDNS service to get access to your Synology Devices. Synology will delete the collected data after you opt out of this service.

How we use your data

Synology only stores information to help you easily identify devices on your network when you access "find.synology.com" and "router.synology.com". Synology does not use this information for any other purpose. We do not share this information.

How we store your data

Unless there is a technical issue with the system or a technical support request, Synology employees do not have access to the database. Data collected by this method are automatically deleted after 90 days of inactivity.

Marketing Events and Promotional Events

Data we collect

Synology hosts events such as webinars, workshops, and product launches. You can sign up to join one of these from Synology's website. Registration may require a Synology Account, as well as may require additional survey information depending on the event. Synology collects, and stores information related to you that is available from your registration and from the survey.

Some events may be hosted by a third party. With your consent, event hosts may share event attendees' information to their sponsors. In events where Synology is a co-host or sponsor, we may receive participants' information from event hosts.

Some events may have registration fees, payment methods and personal information processed by Synology will be handled by the Payment section.

How we use your data

Synology may contact you through email or other communication protocols with information regarding the registered event and/or about service-related issues.

How we store your data

Your information is securely stored and only available to event organizers. Synology retains event participation information for at least four years due to legal obligations that are imposed on Synology and our subsidiaries. The actual storage period may differ depending on the host(s), venue, location, and type of event.

If you would like to remove your information after the event, you may choose to delete your Synology Account. As some information is required for certain events, this may limit our ability to provide services or allow you attendance. You may also elect to unregister from the event if you no longer wish to attend.

For events hosted that do not require a Synology Account, please contact Synology. Synology may request additional information to confirm your identity.

QuickConnect and Synology DDNS

Data we collect

QuickConnect and Synology DDNS are free connection services provided by Synology. Users who wish to utilize these services must have a Synology Account. Synology collects certain information from your Synology Device, including product serial number, IP address, and routing ports in order to provide the services to you.

How we use your data

Synology uses the collected data to identify, authenticate, and provide Synology Devices with QuickConnect and Synology DDNS services. In addition, to secure the connection to your DSM with HTTPS, your QuickConnect and/or Synology DDNS domain will be passed to Let's Encrypt, a third-party certificate authority, to generate an SSL certificate. For details on how Let's Encrypt uses your data, please refer to Let's Encrypt Privacy Policy.

Synology may be required to share your information to the extent necessary to comply with ICANN or any ccTLD rules, regulations, and policies when you register a domain name with us.

How we store your data

Unless there is a technical issue with the system or per a technical support request, Synology employees do not have access to the database. Users who signed up for the services may end the service at any time. Data collected is deleted when the relevant Synology Account is deleted.

Technical Support

Data we collect

You may request Synology Technical Support assistance through our website, live chat, or by phone. Submitting a Technical Support form requires a Synology Account. Synology collects and stores the information therein that is necessary for investigation of and providing response and resolution to your technical support request.

When you make a phone request to Synology's Technical Support hotline, our technical support agent will ask for your consent on phone recording at the beginning of the conversation. Your personal information, including name, email, telephone number, and detail on your Synology product will be recorded in our systems. You may view, track, respond to your Technical Support ticket via your Synology Account. If you don't have a Synology Account, Synology's technical representative will create a temporary account. You must enable it to track ticket status and to receive follow up information.

You may be requested to upload log files of your devices to Synology. The log files are only for the use of Synology to investigate and resolve your technical support request. If you use Synology NAS Device, the information within the log files may include the system and operating data such as serial numbers, MAC addresses, IP addresses, system configuration, and storage configuration. If you use Synology C2 services, the information within the log files is collected from the client device using C2 services, and may include device information, crash logs, and application error report.

In some cases, you may be requested to provide remote access information. Synology technical support agents together in some cases with Synology software engineers may utilize the credentials provided to directly access your device.

When a device replacement or spare part is requested, you will be required to provide a valid shipping address. In certain cases, you may be asked to provide payment for support services, shipping charges, or spare parts.

How we use your data

When you submit a Technical Support form in your Synology Account, you are required to provide the essential product information that is needed to investigate, respond to, and resolve your technical support request. During the investigation, Synology may request additional information that is required to resolve the matter. Depending on the complexity and the severity of the request, the support ticket may be escalated to parties within Synology to investigate, respond to, and resolve your request. The information revealed to involved parties is strictly limited. Synology restricts access to both the raw and aggregated data by specific employee roles.

Synology utilizes the information gathered through technical support requests exclusively for issue resolution purposes. Following the removal of personal data, certain technical details may be utilized for generating bug reports, especially for previously unidentified problems, aimed at implementing solutions for our product line. Additionally, Synology may transmit anonymized technical information to Microsoft Azure and leverage its OpenAI services to enhance the overall technical support experience. Synology will ensure that personally identifiable information, such as names, phone numbers, addresses, email addresses, IP addresses and product serial numbers, is excluded from this process.

If shipping is required, your shipping address and contact information may be passed to third-party logistics partners.

How we store your data

Synology restricts access to both the raw and aggregated data by specific employee roles.

When you upload files for your support ticket, Synology will retain them for up to 90 days after the ticket has been resolved.

When you provide remote access information, Synology will retain it until the ticket has been resolved.

Synology keeps communication and survey records for a minimum of three years for internal auditing and statistical purposes. If you wish to remove your personal information from our systems, you may choose to delete your Synology Account. We may choose to retain technical details of the problem, such as steps to reproduce it, the technical details of the environment, and what steps were taken to resolve it.

Synology will keep all shipping records for internal auditing and inventory control purposes indefinitely.

Synology Application Service

Data we collect

Synology Application Service collects the message contents you create in MailPlus, Synology Chat, and other supported applications and transmits them to Synology SNS server and push services of Apple, Google, or Mozilla, in order to notify the recipients about new messages on browsers or mobile apps. Additionally, the browser and device information of client devices will be collected and transmitted to the Synology SNS server and third-party push servers. This is done to pair the message content with the correct device. None of this data contains any of your personal information, and Synology does not track your device's serial number, MAC addresses, or IP addresses.

How we use your data

All the message contents transmitted to Synology SNS server and third parties are encrypted by Synology Application Service, ensuring your personal data is not accessible to others. The browser and device information of client devices is only used for pairing.

How we store your data

All the data collected by Synology Application Service will be removed immediately on Synology SNS server after they are transmitted to the third-party push services, so no data will be stored by Synology.

Push Notifications

Data we collect

Synology collects device-pairing information or email addresses in order to provide push notifications to your browsers, devices, or emails. The device-pairing information we collect includes but is not limited to your model name, serial number, device token, browser version, OS version, DSM version. None of device-pairing information can be used to directly identify you. You can turn off the notification services anytime by configuring settings at DSM Control Panel.

How we use your data

Synology uses the information collected from your devices in order to complete the push notification process from source to destination. For mobile and browser push services, the collected information will be sent to Synology's notification server, and the notification server will pair your DSM (source) with the target device (destination). For email push services, the collected information will be sent to email service providers to complete email push notifications.

How we store your data

Synology retains the collected information as long as needed for providing the services. Once the notification functionality is deactivated, Synology will delete the collected information immediately.

Mobile Applications

Data we collect

Synology collects operating system information from your mobile device in order to help us customize content for particular Synology Devices if you enable usage data sharing or device analytics on your Synology Device. The data we collect does not contain information that may identify you, the user.

Synology uses Google Analytics for Firebase to collect Synology mobile applications ("Apps") usage data and generates a usage statistics report. For example, the Apps usage data includes, but is not limited to, the type of mobile device you use, and the way you use the Apps. The statistics report is generated by aggregating App usage data. The statistics report does not contain information that may identify you, the user.

If the Apps crash when you are using, Firebase also generates a crash report for us including system information, software versions, and crash logs. The crash report does not contain information that may identify you, the user.

In Synology Drive Mobile App, we may collect device's latitude and longitude if you enable certain functions.

Synology collects device information from the Apps that support push notifications (app name, app version, and the push notification message). Please refer to the Push Notification and/or Synology Application Service sections for more information.

In the mainland of China, Synology Photos and Synology Moments use Baidu Maps SDK, a mapping service provided by Baidu, Inc., for the purposes of displaying the geographic information of photos on your device. Your device's MAC address will be collected by Baidu, Inc. to perform the mapping functionality. For details on how Baidu Inc. uses your data, please refer to Baidu's Privacy Policy.

How we use your data

Synology leverages aggregated application statistics from Firebase tool, Apple, or Android store platforms to better understand our user distribution. You can opt-out any time by updating your preferences in the settings of iOS or Android devices.

Synology collects crash reports from Firebase to only improve quality and to further develop our products and services. Crash information helps us to investigate problems and better understand what triggers them. You can opt-out any time by disabling the analytic feature in the setting of the iOS or Android devices.

For the device's latitude and longitude, we use this data to accelerate QuickConnect login. You can opt out of this feature at any time through the admin settings.

How we store your data

Synology retains statistics reports and crash reports for up to 14 months in order to generate useful information. Synology restricts access to both statistics reports and crash reports by specific employee roles. Synology does not collect or store your device's latitude and longitude; this data is erased from your device immediately after use.

Alexa Services

Data we collect

Synology collects the address and OAuth information of your Synology Device, in order to authorize your NAS to complete the account linking process required for the Amazon Alexa service.

How we use your data

Synology only stores information to authorize the Amazon Alexa service to access your NAS content, such as by enabling the Audio Station Skill to allow Amazon Alexa to access your music in Audio Station. Synology does not use this information for any other purpose. We do not share this information.

How we store your data

Data collected by this method are automatically deleted after six months of inactivity.

DSM Configuration Backup

Data we collect

DSM configuration backup is a service that backs up the configuration settings of your NAS device, ensuring that the settings can be imported in events of restoration or upgrade. You can opt-in DSM configuration backup in the initial installation process of DSM or later on in DSM Control Panel. The configuration data we collect may include your shared folder settings, user and admin group settings, security settings, network settings, login portal settings, regional options settings, application privileges settings, email addresses, and notification settings.

How we use your data

Synology periodically collects configuration data of your NAS devices in order to provide the DSM configuration backup and recovery services. You can opt-out anytime in the Control Panel.

How we store your data

Synology employs industry-standard encryption practices to safely protect your configuration data. Even in the event of a breach, the data collected cannot be used to identify you or your device.

Your data is stored as long as you enable the DSM configuration backup service. If you choose to disable your DSM configuration backup service, we will keep your configuration data for up to 180 days.

Active Insight

Data we collect

Synology collects operation data of your NAS devices in order to offer resource analytic, issue-tracking, Technical Support, and also to improve our devices and software (collectively "Active Insight Service"). The operation data we collect includes device analytic data, NAS serial numbers, IP addresses, and QuickConnect ID. We also collect email addresses to send you notifications and event reports. After you enable Active Insight, you can access the Active Insight web portal to review the performance of NAS devices in real-time. The Active Insight web portal will retain your login activities for up to one year for security purposes. The login activities include user names, hostnames, and IP addresses.

Please note that Active Insight Service works by only collecting device operation data. The files you stored in your NAS devices will not be collected or accessed by Synology.

Active Insight web portal may use "cookies" to help us better understand user behavior and to improve user experiences when you revisit our websites. For more information, please read our Cookie Policy.

How we use your data

Synology uses the data collected from your devices to offer Active Insight Service. We will periodically remove the correlations between the device analytic data and other identifiable data such as NAS serial number, IP address, e-mail address, and QuickConnect ID. The device analytic data cannot be traced back to you without the correlations with other identifiable data and will be integrated with peers' device analytic data to generate an aggregated report to provide device abnormality notification and improve our services.

You can opt-out anytime by deactivating the Active Insight feature from your Active Insight package or by removing your NAS from the Active Insight web portal. If you choose to deactivate your Active Insight feature from your Active Insight package, we will keep your identifiable data for up to 30 days. If you choose to disable your Active Insight feature from the Active Insight web portal, your identifiable data will be deleted immediately. After the removal of your identifiable data, the remaining device analytic data will be used to generate the aggregated report to help us to improve our services.

How we store your data

Your data on Active Insight are stored in our Europe - Frankfurt data center. Synology periodically deletes the identifiable data in order that the device analytic data collected cannot be used to identify you or your device. Synology restricts access to raw and aggregated data to only specific employee roles. Identifiable data collected are deleted along with the deletion of the relevant Synology Account.

MailPlus

Data we collect

If you use Bitdefender as the antispam/antivirus engine, some technical data will be shared with Bitdefender in order to provide you with the services, such as data for identifying the device (UUID), IP addresses, senders, recipients, subjects, or attachments. If a threat is detected, additional information will be sent to Bitdefender for the threat prevention and network security purposes, such as file names, file hashes, source URLs, and other anonymized data.

You can stop data collection anytime by turning off the antispam/antivirus engine or switching to another engine in MailPlus Server.

How we use your data

The information collected from your devices will be uploaded to Bitdefender's cloud center for spam detection. Please refer to Bitdefender's Privacy Policy for more information.

How we store your data

Synology does not store your data. The collected data will be sent to the Bitdefender server for antispam scanning. For more information on how long the data will be stored by Bitdefender, please refer to Bitdefender's Privacy Policy.